One of Eczacıbaşı Holding's top priorities is ensuring the security of all data belonging to our companies, our employees, our stakeholders, our company sites, and our corporate data processing operations by considering confidentiality, integrity and availability.

Accordingly, Eczacıbaşı Holding fulfills all the conditions foreseen by laws, standards, and our corporate policies and procedures with respect to information security and related issues.We operate an Information Security Management System that complies with the ISO / IEC 27001 standard, where applicable requirements for information security are met.

To ensure full compliance with Eczacıbaşı Holding's InformationSecurity Management System and enable us to continually improve our performance, we conduct internal audits and evaluatethe results at the senior management level. In this context, to ensure and continuously improve security in line with the principle of separation of duties, we establish and operate in-process control mechanisms.

To protect our information assets, we vigorously control the storage, transfer, change, access, and processing of data assets based on current best practices.

We inform our employees and stakeholders about our information security policies and procedures and provide the necessary resources and trainings to access these policies and procedures.

In the selection of our suppliers and business partners, we take into account their performance with respect to informationsecurity. We also collaborate with stakeholders, and official institutions and individuals on issues related to InformationSecurity Management Systems.

The Group has the organizational structure, resources, and infrastructure to detect and report on information security violations and to take actions as soon as possible. We implement the necessary sanctions for information security violations.